I am trying to setup custom domain for my APIM instance using below script
[CmdletBinding()]
param (
[String]
$ResourceGroupName,
[String]
$Hostname,
[String]
$ApimServiceName,
[string]
$KeyVaultId
)
$ProxyHostnameConf = New-AzApiManagementCustomHostnameConfiguration -Hostname $Hostname -HostnameType "Proxy" -KeyVaultId $KeyVaultId -DefaultSslBinding
$apim = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ApimServiceName
$apim.ProxyCustomHostnameConfiguration = $ProxyHostnameConf
Set-AzApiManagement -InputObject $apim
But the script is failing with below error
Line |
15 | Set-AzApiManagement -InputObject $apim
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 'SubnetResourceId' does not match expected pattern
| '^/subscriptions/[^/]*/resourceGroups/[^/]*/providers/Microsoft.(ClassicNetwork|Network)/virtualNetworks/[^/]*/subnets/[^/]*$'.
I am getting this error both in my local machine as well as from the devops Microsoft hosted agent
I was able to fix this using azure cli command mentioned in the below ink
Azure CLI - Bash script to set up API Management custom domain
[CmdletBinding()]
param (
[String]
$ResourceGroupName,
[String]
$HostName,
[String]
$KeyVaultId,
[String]
$ApimServiceName
)
$config ='[{\"hostName\":\"'+$HostName+'\",\"type\":\"Proxy\",\"keyVaultId\":\"'+$KeyVaultId+'\",\"defaultSslBinding\":true,\"negotiateClientCertificate\":false}]'
Write-Host $config
az apim update --resource-group $ResourceGroupName --name $ApimServiceName --set hostnameConfigurations=$config
Related
I have a virtual network in my resource group with the default subnet Microsoft Storage Service endpoints are already assigned to the default subnet of the virtual network but, now I want to add another multiple service endpoint with default subnet using PowerShell
The code below is what I'm using to add the service endpoint Microsoft.ServiceBus to the same virtual network.
#Get vnet
$virtualnetwork = Get-AzureRmVirtualNetwork -Name $VN -ResourceGroupName $RG
#Configure service endpoint
Add-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -
VirtualNetwork $virtualnetwork -ServiceEndpoint $EP
#Set configuration
$virtualnetwork | Set-AzureRmVirtualNetwork
The issue is that every time I run the above script, it updates the current service endpoint rather than adding a new one. Any idea
I tried to reproduce the same in my environment and added the service endpoint successfully like below.
I have created microsoft.storage service endpoint with default subnet like Below.
I tried to add another service endpointMicrosoft.ServiceBus to the same virtual network with default subnet using below powershell script
$subscription = "ID"
$subnets = #('default')
$vnetName = "your vnetname"
$vnetRgName = "Rgname"
$newEndpoint = "Microsoft.ServiceBus"
Set-AzContext -Subscription $subscription
foreach($snet in $subnets){
Write-Host "Modifying Service Endpoints for subnet: $snet" -fore red -back white
$virtualNetwork = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Get-AzVirtualNetworkSubnetConfig -Name $snet
$addrPrefix = $virtualNetwork.AddressPrefix
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$virtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
if ($ServiceEndPoint -notcontains $newEndPoint){
$ServiceEndPoint.Add($newEndpoint)
}
$delegation=$virtualNetwork.Delegations
#Add new service endpoint
Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Set-AzVirtualNetworkSubnetConfig -Name $snet -AddressPrefix $addrPrefix -ServiceEndpoint $ServiceEndPoint -Delegation $delegation | Set-AzVirtualNetwork
}
Output:
To check in portal, Microsoft.serviceBus is added successfully with default subnet along with Microsoft.storage.
I am running simple ps cmdlets to connect to azure datalake gen2 storage, some of the cmdlets are working and authenticating through corporate proxy (powershell is configured to use proxy on my machine). however some commands are failing with "Proxy Authentication is required".
Can someone share ideas or reason or fix ?
$subscription = "subscription"
$storageAccount = "storage"
$filesystem = "rawdata"
Connect-AzAccount -Subscription $subscription | Out-Null
$context = New-AzStorageContext -StorageAccountName $storageAccount -UseConnectedAccount
Below commands are throwing an error
Get-AzDataLakeGen2Item -Context $ctx -FileSystem $fileSystem
Get-AzDataLakeGen2ChildItem -Context $context -FileSystem $fileSystem
Get-AzDataLakeGen2ChildItem : Proxy Authentication Required At line:1
char:1
Get-AzDataLakeGen2ChildItem -Context $ctx
+ CategoryInfo : CloseError: (:) [Get-AzDataLakeGen2ChildItem], RequestFailedException
+ FullyQualifiedErrorId : RequestFailedException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzDataLakeGen2ChildItemCommand
But this command is working fine.
Get-AzDatalakeGen2FileSystem -Context $ctx
One of the workaround for connecting to the Azure Data Lake Gen2 Storage account using PowerShell through Proxy by using following Code:
$browser = New-Object System.Net.WebClient
$browser.Proxy.Credentials =[System.Net.CredentialCache]::DefaultNetworkCredentials
Run this Code before connecting to the Azure Account.
I have executed this code to list the files available in the directory of my container in Azure Data Lake Gen2 Storage locally (Windows PowerShell ISE)
Windows PowerShell ISE:
Reference: Access web using PowerShell and Proxy
I'm writing a PowerShell script for starting MySQL Server process, initiating backups from Azure Recovery Services, then starting MySQL Server process again.
For my purposes Wait-AzRecoveryServicesBackupJob cmdlet is not suitable, as Azure Backup always takes 10 minutes to take a snapshot and takes 3-24 hours to transfer that snapshot to Vault. How can I wait only until snapshot is taken?
You will need to set up your own polling loop, but unfortunately the Get-AzRecoveryServicesBackupJob doesn't have the properties you need. There are two options available to you in Powershell-- the REST API or the CLI.
Once you've gotten the job info, you can find the individual tasks under properties.extendedInfo.tasksList
Implementing this under the CLI would look something like this:
$resourceGroup = "resourceGroup"
$vaultName = "vaultName"
$jobs = az backup job list --resource-group $resourceGroup --vault-name $vaultName --start-date 28-8-2020 | convertfrom-json
$jobName = $jobs[0].name
$jobStatus = az backup job show --name $jobName --resource-group $resourceGroup --vault-name $vaultName
$taskStatus = $jobStatus.properties.extendedInfo.tasksList | Where-Object { $_.taskId -eq "Take Snapshot"}
While ( $taskStatus.status -ne Completed ) {
Write-Host -Object "Waiting for completion..."
Start-Sleep -minutes 1
$jobStatus = az backup job show --name $jobName --resource-group $resourceGroup --vault-name $vaultName
$taskStatus = $jobStatus.properties.extendedInfo.tasksList | Where-Object { $_.taskId -eq "Take Snapshot"}
}
Write-Host -Object "Done!"
I have a PowerShell script that restrict access to Web Apps down to a subnet from a Virtual Network:
Param (
[Parameter(Mandatory=$True)]
[string]
$ResourceGroupName,
[Parameter(Mandatory=$True)]
[string]
$WebAppName,
[Parameter(Mandatory=$True)]
[string]
$VirtualNetworkName,
[Parameter(Mandatory=$True)]
[string]
$SubnetName
)
Add-AzWebAppAccessRestrictionRule -ResourceGroupName $ResourceGroupName -WebAppName $WebAppName -Name "VPN" -Priority 500 -Action Allow -VirtualNetworkName "$VirtualNetworkName" -SubnetName "$SubnetName"
How can I reference Virtual Network that resides in other Resource Group than my Web Apps? Documentation don't seem to have such example. I'm able to reference Virtual Network in another Resource Group in Portal and via ARM Template, but when I use the PowerShell script mentioned above I get:
##[error]The Resource 'Microsoft.Network/virtualNetworks/vNet1' under resource group 'Test1-RG' was not found.
You could use the -SubnetId parameter to reference the subnet in another resource group.
The SubnetId is like
"/subscriptions/<subscriptiondID>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>"
Param (
[Parameter(Mandatory=$True)]
[string]
$ResourceGroupName,
[Parameter(Mandatory=$True)]
[string]
$WebAppName,
[Parameter(Mandatory=$True)]
[string]
$SubnetId
)
Add-AzWebAppAccessRestrictionRule -ResourceGroupName $ResourceGroupName -WebAppName $WebAppName -Name "VPN" -Priority 500 -Action Allow -SubnetId $SubnetId
What is the equivalent of az command in powershell
az ad sp create-for-rbac --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"
What extra parameters should I add to New-AzADServicePrincipal
az ad sp create-for-rbac Create a service principal and configure its
access to Azure resources.
I would like to do the same with powershell az command
If you want to create an Azure AD service principle by command : New-AzADServicePrincipal and get its client id, client secret and tenant id as cli command replies , try command below :
$sp = New-AzADServicePrincipal
$clientsec = [System.Net.NetworkCredential]::new("", $sp.Secret).Password
$tenantID = (get-aztenant).Id
$jsonresp =
#{client_id=$sp.ApplicationId
client_secret=$clientsec
tenant_id=$tenantID}
$jsonresp | ConvertTo-Json
Result :
The New-AzADSecurityPrincipal cmdlet has changed. Here's an updated version of the previous answer:
$sp = New-AzADServicePrincipal
$json = #{
client_id = $sp.AppId
client_secret = $sp.PasswordCredentials.SecretText
tenant_id = (Get-AzTenant).Id
} | ConvertTo-Json